Joe Doyle's Blog

A Brave New World

I downloaded and installed ASP.NET MVC 1.0 today. I’ve been following the press it’s been getting as well as it’s Ruby on Rails cousin. I’ve used the MVC pattern in only one application I’ve ever written. I can think of 3 others that I should have. I get the concept, just moving over to web development is new for me. I’ve only done a few ASP.NET WebForms apps in the past, most of which would have been much easier had the ASP.NET MVC been around.

Part of my current project will involve creating an interface to the objects in our database. The data is hierarchical. We have users, which have “folders” (for lack of a better term), which contain documents. It sounds like a great place to use a RESTful API. The data will be read-only, which should make things even easier. The data also doesn’t get modified, just added to, so it’s also a good candidate for caching (both server-side and client-side). I still need to figure out a few things:

How do I implement security?

We will want to control who can access sections of the data. User A shouldn’t be able to see User B’s data by default, but it should be configurable.

While Windows Integrated Authentication is fine for typical usage, we will need to also support Basic Authentication (yes, over SSL).

The current ASP.NET MVC templates are in the /controller/action/id format. Can you do more complicating things such as /controller/id/controller/action/id?

Instead of returning HTML from every View, can I load up data from the database and cause a file download on the client side? I would think so.

I ordered Professional ASP.NET MVC 1.0 on Amazon today. That should help answer many of the questions I have. I’ve been starting to read the tutorials on the web, but many are based on beta and release candidate versions (which apparently have changed a bit over time). They’re better than nothing, right? That’s what I get for being late to the party.